October is yielding a bumper crop of honors for National Institute of Standards and Technology (NIST) Fellow Ron Ross. Considered the father of the Federal Information Security Management Act (FISMA) security standards, a "cyber rock star" and an international cybersecurity ambassador, he is being recognized by three organizations this month for contributions to the field of cybersecurity.
On October 7, 2015, Ross was presented the Samuel J. Heyman Service to America Medal in Homeland Security and Law Enforcement by Commerce Deputy Secretary Bruce Andrews. Ross was one of eight winners chosen for their strong commitment to federal service and significant accomplishments in their fields. These medals, known as Sammies, are considered the "Oscars" of government service.
Ross received the honor for "instituting a state-of-the-art risk assessment system that has protected federal computer networks from cyberattacks and helped secure information critical to our national and economic security."
Sammie winners were selected from 30 finalists—including NIST physicist Gretchen Campbell—out of a field of 500 nominations. The medals are conferred by the nonprofit Partnership for Public Service.
Ross is a fellow in the Computer Security Division and leads the FISMA Implementation Project, which includes developing security standards and guidelines for the federal government, contractors, and the nation's critical information infrastructure. He is the lead author of a number of Federal Information Processing Standards and computer security publications, including the foundational Special Publication 800-53.
He is the principal architect of the Risk Management Framework (RMF), a multitiered approach that provides a disciplined and structured methodology for integrating the suite of FISMA-related standards and guidelines into a comprehensive enterprise-wide security program. The RMF replaced an earlier checklist approach to securing networks.
"Ron is the rock star of cyber," said Donna Dodson, NIST's chief cybersecurity advisor. "He took a field that had no rigor and discipline and developed approaches that are used here and worldwide. The Risk Management Framework he developed is a way of thinking about protecting information from tip to tail."
Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, the Office of the Director of National Intelligence, the Committee on National Security Systems and other components of the U.S. intelligence community. The task force developed the Unified Information Security Framework for the federal government, including contractors.
Two years ago, President Obama asked NIST to develop a method to secure critical infrastructure such as electricity grids, power plants, traffic signals and water treatment facilities. "NIST would not be doing this work without the groundwork laid by Ron and the folks under his supervision," said Charles Romine, director of NIST's Information Technology Laboratory.
As a result of his widely used work, Ross has been called on by U.S. industry, academia and governments around the world to help their efforts to protect information. He has led U.S. cybersecurity teams to Australia, India, Japan, Canada and the European Union, promoting U.S. information security concepts and best practices.
GCN named Ross Government Executive of the Year on October 7 for his contributions to securing federal information systems.
"There is virtually no corner of federal IT in 2015 that doesn't need to take cybersecurity into account," said Troy Schneider, GCN's editor in chief. "And there is probably no government executive more central to those security efforts than Ron Ross."
Ross also will be inducted into the Class of 2015 National Cyber Security Hall of Fame on October 29, 2015, along with four others. The organization honors innovative individuals and organizations "for their vision and leadership to create the foundational building blocks of the Cyber Security industry."